Re: Working example of bi-directional asymmetric ALTQ + NAT ruleset?

Fri, 14 Jan 2011 00:34:45 -0800 

Bingo! Thank you Kelley and (especially again) StuartH.

Seems I was confused because the "queue" directives will work without
specifying an explicit interface....so I assumed it just used the
interface given in the most recent "altq" given above it. But that's
not the case - and it seems it works without an interface given **if
there are queues defined on only one interface in total in the entire
pf.conf**. As soon as you have multiple interfaces, it looks like need
to specify the interface explictly in both the altq directive AND the
individual queue directives "beneath" it.

Not sure why this "feature" is helpful - personally I think the syntax
checking should be a little tighter - but here's what I have, and it
seems to be working beautifully:

#cat /etc/pf.conf
...
altq on $int_if cbq bandwidth 5000Kb queue { std, slow, fast,
tcpack }
queue std   on $int_if   bandwidth 1200Kb priority 1 cbq(default
borrow)
queue slow  on $int_if bandwidth 400Kb priority 0 cbq(ecn)
queue fast  on $int_if  bandwidth 3300Kb priority 2 cbq(borrow)
queue tcpack  on $int_if  bandwidth 100Kb priority 3 cbq(borrow)
#
altq on $ext_if cbq bandwidth 900Kb queue { std, slow, fast, tcpack }
queue std  on $ext_if bandwidth 400Kb priority 1 cbq(default borrow)
queue slow on $ext_if bandwidth 50Kb priority 0 cbq(ecn)
queue fast  on $ext_if bandwidth 400Kb priority 2 cbq(borrow)
queue tcpack  on $ext_if bandwidth 50Kb priority 3 cbq(borrow)
...

Many thanks again for the help and discussion, all. This has been
instructive and illuminating.

-BP-

On Jan 12, 12:08=A0pm, s...@spacehopper.org (Stuart Henderson) wrote:
> On 2011/01/12 08:40, Bonnie Packet wrote:
>
> > altq on $int_if cbq bandwidth 5000Kb queue { std, slow, fast, tcpack }
> > queue std bandwidth 1200Kb priority 1 cbq(default borrow)
>
> you're looking for this format:
>
> queue std on $int_if bandwidth 1200Kb priority 1 cbq(default borrow)
> ..etc..
>
> I don't recall many changes to altq since 3.9 (though of course there
> have been many other fixes, including some related to DoS issues in
> certain circumstances).

Reply via email to